ID: 40046
Updated by: [EMAIL PROTECTED]
Reported By: mbechler at eenterphace dot org
Status: Assigned
Bug Type: Feature/Change Request
PHP Version: 5.2.1RC2
Assigned To: pajoye
New Comment:

From Moritz Bechler:

It took some time - but I now managed to put together some test cases (which hopefully can also serve as examples).

I noticed that the current "openssl_x509_checkpurpose" function does not allow for passing verification flags so I introduced a new function "openssl_x509_check" (verify might be better but might cause confusion with openssl_verify) which does pretty much the same thing but takes a flags parameter which can be used to enable CRL checking and some other checking features which I did not test yet. I chose to add a new function because
a) adding the argument to the end forces passing two (one unused in most cases) optional arguments
b) _checkpurpose is a bit too specific.
I hope that approach is okay.

The updated patch is at
http://mbechler.eenterphace.org/php6-openssl-crl.patch
and the phpt and required data (needs a small CA, included files are valid for 5 years) at
http://mbechler.eenterphace.org/php6-openssl-crl-tests.tar.bz2

I noted my test fails (even for ascii filenames) when run in unicode mode which is a result of this check in php_openssl_x509_from_zval:

    if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) {
        return NULL;
    }

maybe I'll find some time to have a look at proper filesystem encoding conversions for ext/openssl.


Previous Comments:
------------------------------------------------------------------------

[2007-08-03 11:37:24] [EMAIL PROTECTED]

Add the note here too :)

Please provide some test cases as well, including the required data (if any).

------------------------------------------------------------------------

[2007-01-07 02:47:19] mbechler at eenterphace dot org

Ok, finally found the bug - new patch is here:
http://mbechler.eenterphace.org/ext-openssl-crl.patch

------------------------------------------------------------------------

[2007-01-07 02:26:36] mbechler at eenterhace dot org

When trying to use the functionality in a real world scenario I noticed problems with this patch.
My FastCGI processes are throwing errors like this

    *** corrupted double-linked list: 0x08a135f0 ***

while it is working nice when run from the command line. I could not get any helpful information yet by debugging, but this one is definitely not ready for inclusion. I'm trying to figure out what's wrong, but I am thankful for any help provided.

------------------------------------------------------------------------

[2007-01-06 22:00:50] [EMAIL PROTECTED]

The patch you sent to the list:
http://pecl.php.net/~pierre/ext-openssl-crl.patch

------------------------------------------------------------------------

[2007-01-06 20:59:36] mbechler at eenterphace dot org

Description:
------------
Requesting inclusion of CRL generation support in the OpenSSL extension. Patch has been submitted to php.internals. Having CRL support would be nice for creating CA applications in PHP. I've tried to do it in a standalone extension but that does not integrate very well with ext/openssl's certificate functions.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=40046&edit=1
